🕴 What We've Learned in the 12 Months Since the Colonial Pipeline Attack 🕴
via "Dark Reading".
The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?
‼ CVE-2021-27767 ‼
via "National Vulnerability Database".
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
‼ CVE-2022-28276 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-27760 ‼
via "National Vulnerability Database".
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing JavaScript code.
‼ CVE-2022-28279 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-28278 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-29423 ‼
via "National Vulnerability Database".
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
‼ CVE-2022-24099 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-27765 ‼
via "National Vulnerability Database".
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
‼ CVE-2021-27762 ‼
via "National Vulnerability Database".
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses.
‼ CVE-2022-24105 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file.
‼ CVE-2022-27909 ‼
via "National Vulnerability Database".
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files.
‼ CVE-2022-27784 ‼
via "National Vulnerability Database".
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects.
‼ CVE-2022-28273 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-23802 ‼
via "National Vulnerability Database".
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information.
‼ CVE-2021-27766 ‼
via "National Vulnerability Database".
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
‼ CVE-2022-24098 ‼
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file.
‼ CVE-2021-27764 ‼
via "National Vulnerability Database".
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
‼ CVE-2021-27759 ‼
via "National Vulnerability Database".
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
‼ CVE-2021-27761 ‼
via "National Vulnerability Database".
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
‼ CVE-2019-12254 ‼
via "National Vulnerability Database".
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to an unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.